设为首页收藏本站
开启辅助访问

Springboot+RSA非对称加密

 您所在的位置:网站首页 对称加密和非对称加密使用场景 Springboot+RSA非对称加密

Springboot+RSA非对称加密

2024-03-06 04:27| 来源: 网络整理| 查看: 265

这是百度百科对(对称加密丶非对称加密)的解释:

(1)对称加密算法在加密和解密时使用的是同一个秘钥。

(2)非对称加密算法需要两个密钥来进行加密和解密,这两个秘钥是公开密钥(public key,简称公钥)和私有密钥(private key,简称私钥)。

处理的思路: (1)服务端利用RSA创建一对公私钥,服务端存储私钥,将公钥给客户端 (2)每次请求前,将明文数据利用公钥进行加密,然后将密文传递给服务端 (3)服务端拿到密文,利用私钥进行解密,得到明文数据,然后进行业务处理

1.引入jarbao io.jsonwebtoken jjwt 0.9.1 com.auth0 jwks-rsa 0.9.0 commons-io commons-io 2.4 org.apache.commons commons-lang3 2.创建自定义注解 package com.othp.core.config; import java.lang.annotation.*; import org.springframework.web.bind.annotation.Mapping; @Target({ElementType.METHOD,ElementType.TYPE}) @Retention(RetentionPolicy.RUNTIME) @Mapping @Documented public @interface RsaParameter { /** * 入参是否解密,默认解密 */ boolean inDecode() default true; /** * 出参是否加密,默认加密 */ boolean outEncode() default false; } 3.加入增强控制器 package com.othp.core.advice; import java.io.IOException; import java.io.InputStream; import java.lang.reflect.Type; import org.apache.commons.io.IOUtils; import org.springframework.core.MethodParameter; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpInputMessage; import org.springframework.http.converter.HttpMessageConverter; import org.springframework.web.bind.annotation.ControllerAdvice; import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice; import com.othp.core.config.RsaParameter; import com.othp.core.util.RSAEncrypt; import lombok.extern.slf4j.Slf4j; @Slf4j @ControllerAdvice(basePackages = {"com.othp.mine.controller","com.othp.mine.controller"}) public class RsaDecodeRequestBodyAdvice implements RequestBodyAdvice { @Override public boolean supports(MethodParameter methodParameter, Type targetType, Class converterType) { // TODO Auto-generated method stub return true; } @Override public HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter methodParameter, Type targetType, Class converterType) throws IOException { try { boolean encode = false; if (methodParameter.getMethod().isAnnotationPresent(RsaParameter.class)) { //获取注解配置的包含和去除字段 RsaParameter serializedField = methodParameter.getMethodAnnotation(RsaParameter.class); //入参是否需要解密 encode = serializedField.inDecode(); } if (encode) { log.info("对方法method :【" + methodParameter.getMethod().getName() + "】返回数据进行解密"); return new MyHttpInputMessage(inputMessage); }else{ return inputMessage; } } catch (Exception e) { e.printStackTrace(); log.error("对方法method :【" + methodParameter.getMethod().getName() + "】返回数据进行解密出现异常:"+e.getMessage()); return inputMessage; } } @Override public Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class converterType) { return body; } @Override public Object handleEmptyBody(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class converterType) { return body; } class MyHttpInputMessage implements HttpInputMessage { private HttpHeaders headers; private InputStream body; public MyHttpInputMessage(HttpInputMessage inputMessage) throws Exception { this.headers = inputMessage.getHeaders(); String content = IOUtils.toString(inputMessage.getBody(),"utf-8"); this.body = IOUtils.toInputStream(RSAEncrypt.rsaDecrypt(content)); } @Override public InputStream getBody() throws IOException { return body; } @Override public HttpHeaders getHeaders() { return headers; } } } 4.加入RSA工具类 package com.othp.core.util; import java.security.KeyFactory; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; import java.security.PublicKey; import java.security.SecureRandom; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import java.util.Arrays; import java.util.Base64; import java.util.HashMap; import java.util.Map; import javax.crypto.Cipher; import com.fasterxml.jackson.databind.util.JSONPObject; public class RSAEncrypt { private static Map keyMap = new HashMap(); //用于封装随机产生的公钥与私钥 //公钥 private static String publicKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxkIbCWY8re71Fwmf4ehTl+6xuvFSbEuE7ZumXMlOkvWdSVatiTNnrX29I33uAicp19XJAwZSy2hKUPkoSmqzyZ9Si+fi3h1ZGD31WtSVxiAGgkmclVjIiuph2v8kjc/knzZgzLQaPX5E5SkFKPK+9bWJ+2Fkrx3ulSBxAeqWTuQIDAQAB"; //私钥 private static String privateKey = "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALGQhsJZjyt7vUXCZ/h6FOX7rG68VJsS4Ttm6ZcyU6S9Z1JVq2JM2etfb0jfe4CJynX1ckDBlLLaEpQ+ShKarPJn1KL5+LeHVkYPfVa1JXGIAaCSZyVWMiK6mHa/ySNz+SfNmDMtBo9fkTlKQUo8r71tYn7YWSvHe6VIHEB6pZO5AgMBAAECgYBJuOHai2if+y4oaoDUb4uBuS5sg5D1Ga+eBCpz9hc4TNM7IgqYM6Q+z07bCL60LYF73D5lmHnukBAqsHn8o2+uPBl202/Mg9j3VGD3BVfcjXOeNmtbdGRbK8qR/AG33WoUC41DqXG5teXQ1bqbzgIhd/o8c3beLGkS6kNjhOXCiQJBAOCcgRgeRSetiZMFCBzXEqds0Zk7rOUyjFGUA6ANsHZQbiZYYqXWuvetbLcjdYmSW5H92+FsVZDSIq7kGQzk9y8CQQDKYOsF+a7MEQaSyJ84olmiRyL9OCxBW0Qkgi81mZSbAQ4zKEN42rYYhpzEFSRYNltYbqlr5UaheOnGtw4nwumXAkEApHWziGdRl3XXT9DVWdiYjgJ9jcdGFyPl3i2UYfLkDB1kKat5v5f0mjlfatEJ1MtXRRQtlWbvV/Sk9I2LUgesfQJAft4a93f6uDrEIChciChegHiP2qXoOGB6a1ihN7y7iCA1QqSvB4g0N1PL2rBWRGZvBRT6aIUmrfsaslP3L73kqQJBAJ0GwkZTKLEMTzObpKWooYP/UE8kdTf6FMrL0BJohZ1DMQ33hdLr+qO9MM4wU9HtI+MjBKzOg4FvQwe1TlNLH/Q="; public static void main(String[] args) throws Exception { //生成公钥和私钥 genKeyPair(); //加密字符串 // String message = "{\"name\":\"1\",\"password\":\"2\"}"; String message = "{\r\n" + " \"feedbackContent\": \"string\",\r\n" + " \"feedbackId\": \"string\",\r\n" + " \"feedbackPicture\": \"string\",\r\n" + " \"userId\": \"123\",\r\n" + " \"userType\": \"1\"\r\n" + "}"; // System.out.println("随机生成的公钥为:" + keyMap.get(0)); // System.out.println("随机生成的私钥为:" + keyMap.get(1)); System.out.println("\t加密前的字符串为:" + message); // String messageEn = encrypt(message); String messageEn = rsaEncrypt(message); System.out.println("\t加密后的字符串为:" + messageEn); // String messageDe = decrypt(messageEn); String messageDe = rsaDecrypt(messageEn); System.out.println("\t还原后的字符串为:" + messageDe); } /** * 随机生成密钥对 * @throws NoSuchAlgorithmException */ public static void genKeyPair() throws NoSuchAlgorithmException { // KeyPairGenerator类用于生成公钥和私钥对,基于RSA算法生成对象 KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA"); // 初始化密钥对生成器,密钥大小为96-1024位 keyPairGen.initialize(1024,new SecureRandom()); // 生成一个密钥对,保存在keyPair中 KeyPair keyPair = keyPairGen.generateKeyPair(); RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); // 得到私钥 RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); // 得到公钥 String publicKeyString = new String(Base64.getEncoder().encodeToString(publicKey.getEncoded())); // 得到私钥字符串 String privateKeyString = new String(Base64.getEncoder().encodeToString(privateKey.getEncoded())); // 将公钥和私钥保存到Map keyMap.put(0,publicKeyString); //0表示公钥 keyMap.put(1,privateKeyString); //1表示私钥 } /** * RSA公钥加密 * * @param str * 加密字符串 * @param publicKey * 公钥 * @return 密文 * @throws Exception * 加密过程中的异常信息 */ public static String encrypt(String str) throws Exception{ //base64编码的公钥 byte[] decoded = Base64.getDecoder().decode(publicKey); RSAPublicKey pubKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(decoded)); //RSA加密 Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.ENCRYPT_MODE, pubKey); String outStr = Base64.getEncoder().encodeToString(cipher.doFinal(str.getBytes("UTF-8"))); return outStr; } /** * RSA私钥解密 * * @param str * 加密字符串 * @param privateKey * 私钥 * @return 铭文 * @throws Exception * 解密过程中的异常信息 */ public static String decrypt(String str) throws Exception{ //64位解码加密后的字符串 byte[] inputByte = Base64.getDecoder().decode(str.getBytes("UTF-8")); //base64编码的私钥 byte[] decoded = Base64.getDecoder().decode(privateKey); RSAPrivateKey priKey = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(decoded)); //RSA解密 Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.DECRYPT_MODE, priKey); String outStr = new String(cipher.doFinal(inputByte)); return outStr; } //加密长度不超过117Byte,解密长度不超过128Byte //解密 public static String rsaDecrypt(String input) { String result = ""; try { // 将Base64编码后的公钥转换成PublicKey对象 byte[] decoded = Base64.getDecoder().decode(privateKey); RSAPrivateKey priKey = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(decoded)); // 加密 Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.DECRYPT_MODE, priKey); byte[] inputArray = Base64.getDecoder().decode(input.getBytes("UTF-8")); int inputLength = inputArray.length; // 最大加密字节数,超出最大字节数需要分组加密 int MAX_ENCRYPT_BLOCK = 128; // 标识 int offSet = 0; byte[] resultBytes = {}; byte[] cache = {}; while (inputLength - offSet > 0) { if (inputLength - offSet > MAX_ENCRYPT_BLOCK) { cache = cipher.doFinal(inputArray, offSet, MAX_ENCRYPT_BLOCK); offSet += MAX_ENCRYPT_BLOCK; } else { cache = cipher.doFinal(inputArray, offSet, inputLength - offSet); offSet = inputLength; } resultBytes = Arrays.copyOf(resultBytes, resultBytes.length + cache.length); System.arraycopy(cache, 0, resultBytes, resultBytes.length - cache.length, cache.length); } result = new String(resultBytes); } catch (Exception e) { System.out.println("rsaEncrypt error:" + e.getMessage()); result = input; } return result; } //加密长度不超过117Byte,解密长度不超过128Byte //加密 public static String rsaEncrypt(String input) { String result = ""; try { // 将Base64编码后的公钥转换成PublicKey对象 byte[] buffer = Base64.getDecoder().decode(publicKey); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(buffer); PublicKey publicKey = keyFactory.generatePublic(keySpec); // 加密 Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.ENCRYPT_MODE, publicKey); byte[] inputArray = input.getBytes(); int inputLength = inputArray.length; // 最大加密字节数,超出最大字节数需要分组加密 int MAX_ENCRYPT_BLOCK = 117; // 标识 int offSet = 0; byte[] resultBytes = {}; byte[] cache = {}; while (inputLength - offSet > 0) { if (inputLength - offSet > MAX_ENCRYPT_BLOCK) { cache = cipher.doFinal(inputArray, offSet, MAX_ENCRYPT_BLOCK); offSet += MAX_ENCRYPT_BLOCK; } else { cache = cipher.doFinal(inputArray, offSet, inputLength - offSet); offSet = inputLength; } resultBytes = Arrays.copyOf(resultBytes, resultBytes.length + cache.length); System.arraycopy(cache, 0, resultBytes, resultBytes.length - cache.length, cache.length); } result = Base64.getEncoder().encodeToString(resultBytes); } catch (Exception e) { System.out.println("rsaEncrypt error:" + e.getMessage()); } return result; } } 5.直接在需要加密的controller上加注解 @RequestMapping(value = "/saveFeedbackInfo", method = RequestMethod.POST) @RsaParameter public ResponseResult saveFeedbackInfo( @RequestBody @Validated SJ0408_01_BO bo) { Boolean result = sj0408_01_Service.saveFeedbackInfo(bo); return ResponseResult.success(result); }

加密处理只对requestBody进行加密,特殊处理过,不加密也能执行。

6.有个简易的处理

弊端:Cipher提供加解密API,其中RSA非对称加密解密内容长度是有限制的,加密长度不超过117Byte,解密长度不超过128Byte,报错如下:javax.crypto.IllegalBlockSizeException: Data must not be longer than 117 bytes。 一、引入jar包

cn.shuibo rsa-encrypt-body-spring-boot 1.0.1.RELEASE

二、启动类Application中添加@EnableSecurity注解 三、在application.yml或者application.properties中添加RSA公钥及私钥

rsa: encrypt: open: true # 是否开启加密 true or false showLog: true # 是否打印加解密log true or false publicKey: # RSA公钥 privateKey: # RSA私钥

四、在controller方法上加 @Encrypt 返回值进行加密 @Decrypt 传过来的加密参数解密



【本文地址】


今日新闻

推荐新闻

CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3